Here’s an interesting link re iv vectors. It says iv can be sent in plain view. Hmmm.... http://www.cryptofails.com/post/70059609995/crypto-noobs-1-initialization-vectors
But, I thought having the iv vector in plain view was also a security risk. Perhaps I’m belaboring this and I apologize if this discussion is getting tedious.

Bill

William Prothero
http://earthlearningsolutions.org

> On Jun 28, 2018, at 3:53 PM, Mark Wieder via use-livecode <[email protected]> wrote:
>
>> On 06/28/2018 01:49 PM, Brian Milby via use-livecode wrote:
>> Random IV means that an attacker can not generate a dictionary in advance.
>> Knowing it at the same time is not an issue since the cypher is not
>> cracked. The other reason is that the IV seeds the AES encryption so that
>> the first block does not give anything away. If the first encrypted block
>> for the same data is always the same, the attacker can use that to test
>> guesses if they can control what is being encrypted. Same issue if they can
>> predict the IV. See the Wikipedia entry I linked to for a better discussion.
>
> Encryption with an initialization vector isn't a reversible operation. It's
> not like XORing a value with another. Being able to *predict* an iv value,
> however, as opposed to just knowing the current value, is a security problem.
>
>> IV is fixed at the block size of the cipher. So for AES it is 16 bytes.
>
> Yes, I stand corrected. Silly me assumed that aes-256 would use a larger
> block size. AES uses only 128-bit blocks with different key sizes.
>
> --
> Mark Wieder
> [email protected]
>
> _______________________________________________
> use-livecode mailing list
> [email protected]
> Please visit this url to subscribe, unsubscribe and manage your subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
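
The point discussed in this thread (a random IV can travel in plain view in front of the ciphertext, while a fixed IV makes equal plaintexts produce equal ciphertext), as an added Go example that is not part of the original messages. The function names, the demo key and the sample plaintext are constructed for illustration.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// encryptCBC returns IV || ciphertext. A nil iv draws a fresh random 16-byte IV per message.
func encryptCBC(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if iv == nil {
		iv = make([]byte, aes.BlockSize)
		if _, err := rand.Read(iv); err != nil {
			return nil, err
		}
	}
	n := aes.BlockSize - len(pt)%aes.BlockSize // PKCS#7 padding length
	out := append(append(append([]byte{}, iv...), pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[aes.BlockSize:], out[aes.BlockSize:])
	return out, nil
}

// decryptCBC reads the IV from the first 16 bytes of msg; only the key is secret.
func decryptCBC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(msg) < 2*aes.BlockSize || len(msg)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("decryption failed")
	}
	data := append([]byte{}, msg[aes.BlockSize:]...)
	cipher.NewCBCDecrypter(block, msg[:aes.BlockSize]).CryptBlocks(data, data)
	n := int(data[len(data)-1])
	if n == 0 || n > aes.BlockSize {
		return nil, fmt.Errorf("decryption failed")
	}
	return data[:len(data)-n], nil
}

func main() {
	key, pt := bytes.Repeat([]byte{0x42}, 32), []byte("same record") // constructed demo values
	for _, iv := range [][]byte{nil, make([]byte, 16)} { // random IV, then a fixed all-zero IV
		a, _ := encryptCBC(key, iv, pt)
		b, _ := encryptCBC(key, iv, pt)
		fmt.Printf("fixed IV: %v, identical ciphertext: %v\n", iv != nil, bytes.Equal(a[16:], b[16:]))
	}
}
```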
